diff options
| -rw-r--r-- | includes/database.inc | 31 | ||||
| -rw-r--r-- | modules/block/block.module | 6 | ||||
| -rw-r--r-- | modules/node/node.admin.inc | 12 | ||||
| -rw-r--r-- | modules/taxonomy/taxonomy.pages.inc | 2 | ||||
| -rw-r--r-- | modules/user/user.module | 2 |
5 files changed, 36 insertions, 17 deletions
diff --git a/includes/database.inc b/includes/database.inc index e5cefded6..d82f94d00 100644 --- a/includes/database.inc +++ b/includes/database.inc @@ -188,6 +188,22 @@ function _db_query_callback($match, $init = FALSE) { } /** + * Generate placeholders for an array of query arguments of a single type. + * + * Given a Schema API field type, return correct %-placeholders to + * embed in a query + * + * @param $arguments + * An array with at least one element. + * @param $type + * The Schema API type of a field (e.g. 'int', 'text', or 'varchar'). + */ +function db_placeholders($arguments, $type = 'int') { + $placeholder = _db_type_placeholder($type); + return implode(',', array_fill(0, count($arguments), $placeholder)); +} + +/** * Indicates the place holders that should be replaced in _db_query_callback(). */ define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/'); @@ -437,10 +453,10 @@ function db_create_table(&$ret, $name, $table) { } /** - * Return an array of field names from an array of key/index column - * specifiers. This is usually an identity function but if a - * key/index uses a column prefix specification, this function - * extracts just the name. + * Return an array of field names from an array of key/index column specifiers. + * + * This is usually an identity function but if a key/index uses a column prefix + * specification, this function extracts just the name. * * @param $fields * An array of key/index column specifiers. @@ -461,9 +477,10 @@ function db_field_names($fields) { } /** - * Given a Schema API field type, return the correct %-placeholder to - * embed in a query to be passed to db_query along with a value from a - * column of the specified type. + * Given a Schema API field type, return the correct %-placeholder. + * + * Embed the placeholder in a query to be passed to db_query and and pass as an + * argument to db_query a value of the specified type. * * @param $type * The Schema API type of a field. diff --git a/modules/block/block.module b/modules/block/block.module index ca2a204f7..af458a8d5 100644 --- a/modules/block/block.module +++ b/modules/block/block.module @@ -332,7 +332,8 @@ function block_user($type, $edit, &$user, $category = NULL) { switch ($type) { case 'form': if ($category == 'account') { - $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles))); + $rids = array_keys($user->roles); + $result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (". db_placeholders($rids) .") OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids); $form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE); while ($block = db_fetch_object($result)) { $data = module_invoke($block->module, 'block', 'list'); @@ -379,7 +380,8 @@ function block_list($region) { static $blocks = array(); if (!count($blocks)) { - $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), $theme_key, implode(',', array_keys($user->roles))); + $rids = array_keys($user->roles); + $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (". db_placeholders($rids) .") OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), array_merge(array($theme_key), $rids)); while ($block = db_fetch_object($result)) { if (!isset($blocks[$block->region])) { $blocks[$block->region] = array(); diff --git a/modules/node/node.admin.inc b/modules/node/node.admin.inc index eeac16e56..115bb486e 100644 --- a/modules/node/node.admin.inc +++ b/modules/node/node.admin.inc @@ -116,42 +116,42 @@ function node_node_operations() { * Callback function for admin mass publishing nodes. */ function node_operations_publish($nodes) { - db_query('UPDATE {node} SET status = 1 WHERE nid IN(%s)', implode(',', $nodes)); + db_query('UPDATE {node} SET status = 1 WHERE nid IN('. db_placeholders($nodes) .')', $nodes); } /** * Callback function for admin mass unpublishing nodes. */ function node_operations_unpublish($nodes) { - db_query('UPDATE {node} SET status = 0 WHERE nid IN(%s)', implode(',', $nodes)); + db_query('UPDATE {node} SET status = 0 WHERE nid IN('. db_placeholders($nodes) .')', $nodes); } /** * Callback function for admin mass promoting nodes. */ function node_operations_promote($nodes) { - db_query('UPDATE {node} SET status = 1, promote = 1 WHERE nid IN(%s)', implode(',', $nodes)); + db_query('UPDATE {node} SET status = 1, promote = 1 WHERE nid IN('. db_placeholders($nodes) .')', $nodes); } /** * Callback function for admin mass demoting nodes. */ function node_operations_demote($nodes) { - db_query('UPDATE {node} SET promote = 0 WHERE nid IN(%s)', implode(',', $nodes)); + db_query('UPDATE {node} SET promote = 0 WHERE nid IN('. db_placeholders($nodes) .')', $nodes); } /** * Callback function for admin mass editing nodes to be sticky. */ function node_operations_sticky($nodes) { - db_query('UPDATE {node} SET status = 1, sticky = 1 WHERE nid IN(%s)', implode(',', $nodes)); + db_query('UPDATE {node} SET status = 1, sticky = 1 WHERE nid IN('. db_placeholders($nodes) .')', $nodes); } /** * Callback function for admin mass editing nodes to remove stickiness. */ function node_operations_unsticky($nodes) { - db_query('UPDATE {node} SET sticky = 0 WHERE nid IN(%s)', implode(',', $nodes)); + db_query('UPDATE {node} SET sticky = 0 WHERE nid IN('. db_placeholders($nodes) .')', $nodes); } /** diff --git a/modules/taxonomy/taxonomy.pages.inc b/modules/taxonomy/taxonomy.pages.inc index ef4ceaed2..5ff9cff48 100644 --- a/modules/taxonomy/taxonomy.pages.inc +++ b/modules/taxonomy/taxonomy.pages.inc @@ -16,7 +16,7 @@ function taxonomy_term_page($str_tids = '', $depth = 0, $op = 'page') { } if ($terms['tids']) { - $result = db_query(db_rewrite_sql('SELECT t.tid, t.name FROM {term_data} t WHERE t.tid IN (%s)', 't', 'tid'), implode(',', $terms['tids'])); + $result = db_query(db_rewrite_sql('SELECT t.tid, t.name FROM {term_data} t WHERE t.tid IN ('. db_placeholders($terms['tids']) .')', 't', 'tid'), $terms['tids']); $tids = array(); // we rebuild the $tids-array so it only contains terms the user has access to. $names = array(); while ($term = db_fetch_object($result)) { diff --git a/modules/user/user.module b/modules/user/user.module index f82cdde5e..b215c7efd 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -453,7 +453,7 @@ function user_access($string, $account = NULL) { // To reduce the number of SQL queries, we cache the user's permissions // in a static variable. if (!isset($perm[$account->uid])) { - $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', array_keys($account->roles))); + $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles)); $perm[$account->uid] = ''; while ($row = db_fetch_object($result)) { |